# This controller handles the login/logout function of the site.  
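class SessionsController < ApplicationController
  # Login form action.
  #
  # Intentionally empty: the action has to exist so Lockdown can grant access to it.
  def new
  end

  # Handles the login form submission by passing the posted :login and
  # :password parameters to password_authentication.
  #
  # NOTE(review): confirm that :password is filtered from the request log
  # (filter_parameter_logging / config.filter_parameters); that setting is
  # not visible in this file.
  # NOTE(review): params values can arrive as a Hash or Array when the client
  # sends nested parameters; verify that User.authenticate tolerates
  # non-String input.
  def create
    password_authentication(params[:login], params[:password])
  end

  # Logs the user out: resets the session, calls generate_menu with no
  # arguments, sets a notice and redirects via redirect_back_or_default
  # with '/' as the default.
  def destroy
    logger.info "resetting session in sessions controller"
    reset_session
    generate_menu
    flash[:notice] = "You have been logged out."
    redirect_back_or_default('/')
  end

  protected

  # Authenticates the credentials and dispatches to the success or failure
  # handler depending on logged_in?.
  #
  # @param login [Object] submitted login, passed to User.authenticate as-is
  # @param password [Object] submitted password, passed to User.authenticate as-is
  def password_authentication(login, password)
    # NOTE(review): the session is not reset before the user is stored in it.
    # Unless set_session_user (defined elsewhere) rotates the session id, an
    # id issued before login stays valid afterwards (session fixation).
    # Consider calling reset_session here and carrying over only the value
    # redirect_back_or_default needs.
    set_session_user(User.authenticate(login, password))
    if logged_in?
      successful_login
    else
      failed_login
    end
  end

  # Records the failure, sets the error flash and redirects via
  # redirect_back_or_default with login_url as the default.
  #
  # @param message [String] text shown to the user in flash[:error]
  def failed_login(message = 'Authentication failed.')
    # Leave an audit trail so repeated failures can be spotted in the logs.
    # The submitted login is deliberately left out: users sometimes type a
    # password into that field, and the raw value is untrusted log input.
    logger.warn "failed login attempt from #{request.remote_ip}"
    flash[:error] = message
    redirect_back_or_default login_url
  end

  # Sets the success notice, calls generate_menu with the current user's
  # user group ids and redirects via redirect_back_or_default with "/" as
  # the default.
  def successful_login
    flash[:notice] = "Logged in successfully"
    generate_menu(current_user_user_group_ids)
    redirect_back_or_default "/"
  end
end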
